False positives

It was disappointing but predictable that New York Attorney General Eliot Spitzer’s case against spammer Scott Richter and his company OptInRealBig.com would end not with a bang but a whimper.

It was disappointing but predictable that New York Attorney General Eliot Spitzer’s case against spammer Scott Richter and his company OptInRealBig.com would end not with a bang but a whimper. The original goal of the suit was to fine Richter and company $20 million in damages, but in the end the case was settled for $40,000 in penalties and an additional $10,000 for investigative costs.

OptInRealBig.com also must provide the Attorney General’s office with customer information and all advertisements it sends as well as promise to use proper identifying information when registering domain names.

To OptInRealBig.com (gad, but I loathe that name – it sounds as cheesy as their business model) the fines are a pittance – a rounding error on the $18 million company’s connectivity bill.

Spitzer put a brave face on it: “This settlement holds Richter and his company to a new standard of accountability in their delivery of e-mails . . . If he does not fulfill these standards, he will find himself back in court, facing greater penalties.”

What a load of hogwash! The cost to the taxpayer of mounting this case will be far in excess of the $50,000 in fines and the pathetic settlement terms – described by Richter’s lawyer (who also happens to be Richter’s father) as a “no harm, no foul” situation from Richter’s position – simply underlines the fact that the CAN-SPAM act is nothing more than a minor irritation to serious spammers.

You could look at this as a false positive – CAN-SPAM appears to have “teeth,” and Spitzer would have us believe prosecuting Richter had some real benefits, but neither of these is true. A lie dressed up to look like the truth is still a lie, and the problem lies in detecting it.

So given that CAN-SPAM and, in the state of New York, the attorney general can’t help you and that to the spammers it is just business as usual, you’re just going to have to accept that spam is here to stay and that your job is to minimize its impact – which, as we have discussed in previous columns, is something you can do for a reasonable cost.

Now stop that: It’s no good moaning about how legislation has failed you, I warned you about that months ago. It’s no good trying to ignore the problem, not only is spam not going away, it will get worse.

I was sent some interesting figures on spam by FrontBridge a couple of days ago. FrontBridge is a spam-filtering service provider, so its spam statistics are derived from handling business e-mail. From the company’s data I calculate that on a seven-day average it is currently seeing about 79% spam with peaks as high as 85%!

Those of us with serious anti-spam measures in place are all doing pretty well – most of us are down to less than 10% spam, by which I mean a false negative rate (spam judged as valid) of 10 spams per hundred valid messages. I contend that this is an acceptable level and with fine-tuning we should be able to get down to 2% spam or less.

However, the issue that people always worry about when anti-spam measures are really aggressive is the false-positive problem, the problem of valid messages being judged as spam and being at best delayed and at worst deleted.

The argument is that a false positive could lead to loss of business – people always ask “what if a critical message about a big contract goes missing?”

I would argue that if you rely on a service that doesn’t provide guaranteed delivery with tracking when you have a third party deliver something really important, you have only yourself to blame. Would you use Fedex or UPS to ship valuable goods if you couldn’t track progress and confirm delivery?

But it turns out that the perception of the false positive problem in corporations is rather more complex than that, as we shall see next week.

Positive positives to backspin@gibbs.com.